CVE-2006-3404 : Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attack

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

Published 2006-07-06 20:05:00

Updated 2022-02-07 17:27:17

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2006-3404

Probability of exploitation activity in the next 30 days: 0.98%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-3404

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2006-3404

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-3404

http://www.ubuntu.com/usn/usn-312-1

Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049

Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_19_sr.html

Broken Link

CVEs referencing this url
http://bugzilla.gnome.org/show_bug.cgi?id=346742

Issue Tracking;Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1

Broken Link
http://www.securityfocus.com/bid/18877

Broken Link;Patch;Third Party Advisory;VDB Entry
http://www.redhat.com/support/errata/RHSA-2006-0598.html

Broken Link
http://securitytracker.com/id?1016527

Broken Link;Third Party Advisory;VDB Entry
http://www.securityfocus.com/archive/1/441012/100/0/threaded

Broken Link;Third Party Advisory;VDB Entry
http://www.debian.org/security/2006/dsa-1116

Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5908

Tool Signature
http://www.securityfocus.com/archive/1/441030/100/0/threaded

Broken Link;Third Party Advisory;VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1

Broken Link
http://www.vupen.com/english/advisories/2006/4634

Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11259

Tool Signature
http://security.gentoo.org/glsa/glsa-200607-08.xml

Third Party Advisory
http://www.vupen.com/english/advisories/2006/2703

Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2006:127

Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/27687

Third Party Advisory;VDB Entry
https://issues.rpath.com/browse/RPL-522

Broken Link
http://www.securityfocus.com/archive/1/440987/100/0/threaded

Broken Link;Third Party Advisory;VDB Entry

Products affected by CVE-2006-3404

Gimp » Gimp
Versions before (<) 2.2.12
cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-3404

Exploit prediction scoring system (EPSS) score for CVE-2006-3404

CVSS scores for CVE-2006-3404

CWE ids for CVE-2006-3404

References for CVE-2006-3404

Products affected by CVE-2006-3404